126 Commits (main)

Author SHA1 Message Date
score bcf2dd8794
Start unbound with intended arguments
Unbound looked like it was meant to be started as if by `unbound -c /etc/unbound/unbound.conf`, but instead the string `-c /etc/unbound/unbound.conf` was set as argv[0] of the unbound command, meaning it is never parsed.
2 years ago
Alexander Graf 25635396e7
Bind webdav to port only 2 years ago
Florent Daigniere 9d555b0eec Don't expose any port (suggestion from ghost) 2 years ago
Florent Daigniere 108958cabb drop privs better 2 years ago
Florent Daigniere e42d029c25 normalize booleans 2 years ago
Florent Daigniere 4e3874b0c1 Enable dynamic resolution of hostnames 2 years ago
bors[bot] 553b02fb3d
Merge #2529
2529: Improve fetchmail r=mergify[bot] a=nextgens

## What type of PR?

enhancement

## What does this PR do?

Improve fetchmail:
- allow delivery via LMTP (faster, bypassing the filters)
- allow several folders to be retrieved
- run fetchmail as non-root
- tweak the compose file to ensure we have all the dependencies

### Related issue(s)
- closes #1231 
- closes #2246 
- closes #711

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.

Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
Co-authored-by: Florent Daigniere <nextgens@users.noreply.github.com>
2 years ago
bors[bot] f43c8c652e
Merge #2483 #2535
2483: Introduce FETCHMAIL_ENABLED r=mergify[bot] a=DjVinnii

## What type of PR?

Enhancement

## What does this PR do?
Add `FETCHMAIL_ENABLED` to enable/disable the Fetchmail functionality in the Admin UI.

### Related issue(s)
- closes #2127

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


2535: fix the linux/arm/v7 build r=mergify[bot] a=nextgens

## What type of PR?

bug-fix

## What does this PR do?

The arm builder is running aarch64 ... and there is no package for arm/v7


Co-authored-by: Vincent Kling <v.kling@vinniict.nl>
Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2 years ago
Florent Daigniere 385b6ac85d Use string formatting 2 years ago
Florent Daigniere 08a9ab9a56 Improve fetchmail 2 years ago
Vincent Kling 728afdd34a Add basic logging for FETCHMAIL_ENABLED and FETCHMAIL_DELAY 2 years ago
Vincent Kling 4a74cd9afe Resolve conflict 2 years ago
Vincent Kling 6901b0f05e Implement FETCHMAIL_ENABLED in fetchmail.py 2 years ago
Alexander Graf 146921f619
Move curl to base image 2 years ago
Alexander Graf 4c1071a497
Move all requirements*.txt to base image 2 years ago
Alexander Graf a29f066858
Move even more python deps to base image 2 years ago
Dimitri Huisman d19208d3d1 Merge branch 'master' of github.com:Mailu/Mailu into feature-switch-snappymail 2 years ago
Alexander Graf bb0a96c6f7
Add pytz module 3 years ago
Will a54a784168 Update alpine-linux to 3.14.5 - Zlib security FIX 3 years ago
Dimitri Huisman f2f859280c Merge remote-tracking branch 'origin/master' into feature-switch-snappymail 3 years ago
Dimitri Huisman 9519d07ba2 Switch from RainLoop to SnappyMail 3 years ago
Will d02296c3bc Update alpine-linux to 3.14.4 - OpenSSL security FIX 3 years ago
Will b2abbc8856 update Dockerfile to alpine 3.14.3 3 years ago
Dimitri Huisman 2efad07c0b Merge branch 'master' of github.com:Diman0/Mailu into remove-mailu-postgresql 3 years ago
bors[bot] 08be233607
Merge #2058
2058: Implement versioning for CI/CD workflow. r=mergify[bot] a=Diman0

## What type of PR?

Feature!

## What does this PR do?
This PR introduces 3 things
- Add versioning (tagging) for branch x.y (1.8). E.g. 1.8.0, 1.8.1 etc.
  - docker repo will contain x.y (latest) and x.y.z (pinned version) images.
  - The X.Y.Z tag is incremented automatically. E.g. if 1.8.0 already exists, then the next merge on 1.8 will result in the new tag 1.8.1 being used.
- Make the version available in the image.
  -  For X.Y and X.Y.Z write the version (X.Y.Z) into /version on the image and add a label with version=X.Y.Z
	  -  This means that the latest X.Y image shows the pinned version (X.Y.Z e.g. 1.8.1) it was based on. Via the tag X.Y.Z you can see the commit hash that triggered the built.
  -  For master write the commit hash into /version on the image and add a label with version={commit hash}
-  Automatic releases. For x.y triggered builts (e.g. merge on 1.9) do a new github release for the pinned x.y.z (e.g. 1.9.2). 
  -  Release shows a static message (see RELEASE_TEMPLATE.md) that explains how to reach the newsfragments folder and change the branch to the tag (x.y.z) mentioned in the release. Now you can get the changelog by reading all newsfragment files in this folder.

This PR does not change anything to our workflow (what we (human persons) do). Our processes are still exactly the same. The above introduced logic is automatic. When we backport to X.Y all the magic for creating the pinned version X.Y.Z is handled by the CI/CD workflow.

### Related issue(s)
- closes #1182

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.

## Testing
Suggested testing steps. This should cover all situations including BORS. It does require that you use your own docker repo or temporarily create a new one.
Suggested testing steps.
1. Create new github repo.
2. Add the required docker secrets to the project (see beginning of CI.yml for the secret names), DOCKER_UN, DOCKER_PW, DOCKER_ORG, DOCKER_ORG_TESTS.
3. Clone the project.
4. Copy the contents of the PR to the cloned project.
5. Push to your new github repo.
6. Now master images are built. Check that images with tag master are pushed to your docker repo
7. Check with docker inspect nginx:master that it has the label version={commit hash}.
8. Run an image, run `docker-compose exec <name> cat /version`. Note that /version also contains the pinned version. For master the pinned version is the commit hash.
9. Create branch 1.8. 
10. Push branch 1.8 to repo.
11. Note that tags 1.8 and 1.8.0 are built and pushed to docker repo
12. Inspect label and /version. Note that 1.8 and 1.8.0 both show version 1.8.0.
13. Push another commit to branch 1.8.
14. Note that tags 1.8 and 1.8.1 are built and pushed to docker repo
15. Inspect label and /version. Note that 1.8 and 1.8.1 both show version 1.8.1.
16. Let's check BORS stuff.
17. Create branch testing.
18. Push the commit with the exact commit text (IMPORTANT!!): `Try #1234:`'.
19. Note that images are built and pushed for tag `pr-1234`.
20. Inspect label and /version. Note that the version is `pr-1234`.
20. Create branch staging.
21. Push the commit with commit text: `Merge #1234`.
22. Note that this image is not pushed to docker (as expected).

but you could also check the GH repo and docker repo I used:
https://github.com/Diman0/Mailu_Fork
https://hub.docker.com/r/diman/rainloop/tags

Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
3 years ago
Dimitri Huisman 1eeffe29c0 Remove Mailu PostgreSQL. Make roundcube database configurable via setup. Fix #1838. 3 years ago
Alexander Graf 602accfba7
fixed ipv6 access-control 3 years ago
Dimitri Huisman f7677543c6 Process code review remarks
- Moved run to bottom of Dockerfile to allow using unmodified / cached states.
- Simplified bash code in deploy.sh.
- Improved the large bash one-liner in CI.yml. It could not handle >9 for 1.x.
3 years ago
Dimitri Huisman 56dd70cf4a Implement versioning for CI/CD workflow (see #1182). 3 years ago
Dimitri Huisman d7d02152bb Make fetchid file not hidden. 3 years ago
Dimitri Huisman 92e65b33e0 Configure fetchmail to use idfile to keep track of messages.
Run fetchmail as root. This is unfortunately required because
all files are owned by root in the mailu data folder.
In the future  we must switch all images to running all
all processes with a non-root user.
3 years ago
Dimitri Huisman 2404cf2e3d Fix for issue #1223 3 years ago
DjVinnii 225160610b Set default TZ in Dockerfiles 3 years ago
DjVinnii 50d76076ed Add tzdata to optional 3 years ago
Florent Daigniere 1cf0f76b52 not required anymore 3 years ago
Florent Daigniere e9f84d7d99 Improve the unbound configuration 3 years ago
Alexander Graf 447b237ecb fix freshclam startup
- create pid file in existing folder /run
- let freshclam log to stdout
- remove deprecated SafeBrowsing
3 years ago
Florent Daigniere d7c2b510c7 Give alpine 3.14.2 a shot 3 years ago
Florent Daigniere 0c4455ccf5 Revert "Rollback to alpine 1.12"
This reverts commit e1ddbb6eec.
3 years ago
Florent Daigniere e1ddbb6eec Rollback to alpine 1.12
it ships unbound 1.10 that doesn't have the bug I think
08968baec1
3 years ago
Florent Daigniere 0211c06c37 don't need sudo here 3 years ago
Florent Daigniere 420afa53f8 Upgrade to alpine 3.14 3 years ago
parisni d2803f6f46 Update setup website 3 years ago
parisni 278878d48d Remove unused deps 3 years ago
bors[bot] 42cefab4c2
Merge #1760
1760: Security updates to postgresql r=mergify[bot] a=WebSpider

## What type of PR?

Security update

## What does this PR do?

It fixes vulnerabilities in the sudo package in the postgresql optional container documented in
CVE-2021-23240, CVE-2021-3156 and CVE-2021-23239

### Related issue(s)

None

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: Nils Vogels <n.vogels@aves-it.nl>
4 years ago
Dario Ernst 4dbefe8e3a
Merge pull request #1631 from toastboy70/bug/#1536
Change unbound logfile to the empty string
4 years ago
Nils Vogels 6c4fa5432f Provide fix in postgresql container for CVE-2021-23240, CVE-2021-3156, CVE-2021-23239 4 years ago
cbachert 72a9ec5b7c Fix extract_host_port port separation
Regex quantifier should be lazy to make port separation work.
4 years ago
Jon Wilson 5e32447f07 Change unbound logfile to the empty string
This is defined to send log messages to stderr, which is
what we want - fixes #1536 ("Could not open logfile /dev/stdout:
Permission denied")
4 years ago
Richard Gomes b414757ff8 Fix hardcoded reference to admin container. 4 years ago